2.5 KiB
2.5 KiB
PoC and Lab Guides
Use these structures for practical proof-of-concept work.
PoC Template
- Objective: define the risk or audit objective.
- Scope: databases, schemas, tables, users, applications, and network paths.
- Prerequisites: versions, options, privileges, licenses, connectivity, backups, and rollback.
- Baseline: capture current performance, privileges, audit volume, and operational process.
- Configuration: implement the smallest meaningful control.
- Tests: positive, negative, performance, failover, audit, and rollback cases.
- Evidence: screenshots, SQL output, reports, logs, diagrams, and decision record.
- Acceptance criteria: security outcome, application impact, operational readiness, and support model.
Example TDE Lab Skeleton
Adapt syntax to the target Oracle version and wallet or OKV model.
-- Inventory candidate tablespaces.
SELECT tablespace_name, encrypted FROM dba_tablespaces ORDER BY tablespace_name;
-- Check wallet status.
SELECT wrl_type, status, wallet_type FROM v$encryption_wallet;
-- Example only: encrypt a test tablespace after backup and rollback planning.
ALTER TABLESPACE test_data ENCRYPTION ONLINE USING 'AES256' ENCRYPT;
-- Validate encrypted state.
SELECT tablespace_name, encrypted FROM dba_tablespaces WHERE tablespace_name = 'TEST_DATA';
Acceptance tests:
- Application read/write flows still pass.
- Backup and restore procedure is validated.
- Wallet or OKV outage scenario is understood.
- Key rotation procedure is documented and tested in non-production first.
Example Database Vault PoC
Test scenario:
- Create a realm around a sensitive application schema.
- Authorize the application owner and break-glass role.
- Attempt access as a powerful DBA account.
- Confirm blocked access is audited and operational tasks still work through approved paths.
Evidence:
- Realm definition.
- Authorized users and roles.
- Failed privileged access test.
- Successful approved access test.
- Emergency access procedure.
Example AVDF or Data Safe Audit PoC
Test scenario:
- Define high-risk events: privileged logon, failed logon, DDL, access to sensitive tables, grants, role changes, and policy changes.
- Generate test activity.
- Confirm collection, alerting, report generation, retention, and SIEM forwarding if required.
Acceptance criteria:
- Important events are captured with user, source, object, action, and timestamp.
- Noise is manageable.
- Reports answer audit questions without manual log stitching.